CIS and audit rules

CIS and audit rules

[Alarie, Maxime]

[-- Attachment #1.1: Type: text/plain, Size: 295 bytes --]


Anyone ever implemented auditd  by following the CIS standards described here?  https://benchmarks.cisecurity.org/downloads/show-single/?file=suse11.110

Is it too restrictive?  Not enough?  Too much ressources consuming?  I would like some comments/opinions if possible.


Many thanks.

[-- Attachment #1.2: Type: text/html, Size: 2442 bytes --]

[-- Attachment #2: Type: text/plain, Size: 0 bytes --]

Re: CIS and audit rules

[John Jasen]

[-- Attachment #1.1: Type: text/plain, Size: 844 bytes --]

I've been testing a variant of the CIS benchmarks, supplemented (for
compliance reasons) by the NIST USGCB baselines.

I've also been testing auditd with setuid/setgid binaries.

Also as a potential replacement for aide (again, mostly compliance reasons).

Your use of auditd rules depends a lot on your drivers for doing so, and
your desired results.


On 08/28/2015 04:12 PM, Alarie, Maxime wrote:
>
>  
>
> Anyone ever implemented auditd  by following the CIS standards
> described here?
>  https://benchmarks.cisecurity.org/downloads/show-single/?file=suse11.110
>
>  
>
> Is it too restrictive?  Not enough?  Too much ressources consuming?  I
> would like some comments/opinions if possible.
>
>  
>
>  
>
> Many thanks.
>
>
>
> --
> Linux-audit mailing list
> Linux-audit@redhat.com
> https://www.redhat.com/mailman/listinfo/linux-audit


[-- Attachment #1.2: Type: text/html, Size: 3639 bytes --]

[-- Attachment #2: Type: text/plain, Size: 0 bytes --]